Security Incidents mailing list archives

Re: SYN/ACK to port 53

From: Daniel Martin <dtmartin24 () home com>
Date: 24 May 2001 17:44:04 -0400

"DeCamp, Paul" <PDeCamp () MedManageSystems com> writes:

Any assistance would be appreciated, and better yet, any advice as to where
on the Internet is a good location for looking up such obviously abnormal
activity and what possible explanations may be.  Thanks.


Could this be backscatter from someone else's SYN floods?  That is,
could these be packets being sent by a target machine in response to
packets with a spoofed source address of your machine?  The recent
paper on using backscatter measurements for some statistical analysis
of DOS attacks on the internet as a whole may be useful:
http://www.caida.org/outreach/papers/backscatter/

Current thread:

SYN/ACK to port 53 DeCamp, Paul (May 24)
- Re: SYN/ACK to port 53 Daniel Martin (May 25)
- Re: SYN/ACK to port 53 Ryan Russell (May 25)
  - RE: SYN/ACK to port 53 Golden_Eternity (May 26)
- <Possible follow-ups>
- Re: SYN/ACK to port 53 Bill_Royds (May 25)
- RE: SYN/ACK to port 53 Steve Halligan (May 25)
- RE: SYN/ACK to port 53 DeCamp, Paul (May 25)
- RE: SYN/ACK to port 53 Keith.Morgan (May 25)